Rating:
(8 reviews)
Author: James A. Whittaker
ISBN : 0321194330
New from $38.97
Format: PDF, EPUB
Download electronic versions of selected books Free How to Break Software Security [Paperback] from with Mediafire Link Download Link
How to Break Software Security describes the general problem of software security in a practical perspective from a software tester's point of view. It defines prescriptive techniques (attacks that testers can use on their own software) that are designed to ferret out security vulnerabilities in software applications. The book's style is easy to read and provides readers with the techniques and advice to hunt down security bugs and see that they're destroyed before the software is released. Accompanying the book is a CD-ROM containing Holodeck, which tests for security vulnerabilities. There are also a number of bug-finding tools, freeware, and an easy-to-use port scanner included on the CD-ROM.
Download latest books on mediafire and other links compilation Free How to Break Software Security
- Paperback: 208 pages
- Publisher: Addison Wesley (May 19, 2003)
- Language: English
- ISBN-10: 0321194330
- ISBN-13: 978-0321194336
- Product Dimensions: 0.4 x 7 x 9.1 inches
- Shipping Weight: 10.4 ounces
Free How to Break Software Security
The book categorizes software testing for security defects into attacks on software dependencies, user interfaces, design and implementation. The book focuses on 19 attacks (one being "overflow input buffers"), which form the core of the book. Parts 2 and 3 of the book explain when and how to apply each attack and what faults they find. Part 4 takes a more hands-on look at how to perform the testing.
In my opinion, the book is too dependent on the Holodeck 1.3 program provided on the CD. Rather than explaining security testing in a tool agnostic way, the book often simply explains how to use Holodeck to perform an attack. I use Linux and Holodeck is Windows only, so it was useless to me. Reviewer Yvonne Eu said the tool did not work in her test environment. Holodeck is currently maintained by Security Innovation who charge $1495 for a single user license, but they also offer a 30 day evaluation license. If the version on the CD does not work for you, these are your two options. The book is a lot less useful if Holodeck does not work for you, so bear this in mind.
The focus on Holodeck also limits the scope of the book. The use of other types of tools such as web proxies, port scanners and tools to exercise user interfaces is not adequately covered.
Finally, I was disappointed by chapter 6, which looks at security testing three applications: Windows Media Player 9.0, Mozilla 1.2.1 (for Windows), and OpenOffice 1.0.2 (for Linux). This is an ideal opportunity to dive down and show how security testing tools should be applied, common pitfalls, and hands-on techniques for finding security issues. Instead, the chapter only explains how attacks should be planned and goes no deeper.